[
https://issues.apache.org/jira/browse/KAFKA-3069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15085853#comment-15085853
]
ASF GitHub Bot commented on KAFKA-3069:
---------------------------------------
GitHub user fpj opened a pull request:
https://github.com/apache/kafka/pull/736
KAFKA-3069: Fix recursion in ZkSecurityMigrator
I'm also fixing a bug in the testChroot test case.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/fpj/kafka KAFKA-3069
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/736.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #736
----
commit 81028a160f3653b53331f71c4ee988b4945a0a0f
Author: Flavio Junqueira <[email protected]>
Date: 2016-01-06T17:11:46Z
KAFKA-3069: Fixed issue in the migrator tool and bug in the testChroot case.
----
> Fix recursion in ZkSecurityMigrator
> -----------------------------------
>
> Key: KAFKA-3069
> URL: https://issues.apache.org/jira/browse/KAFKA-3069
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.0
> Reporter: Flavio Junqueira
> Assignee: Flavio Junqueira
> Fix For: 0.9.0.1
>
>
> The zk migrator tool recursively sets ACLs starting with the root, which we
> initially assumed was either the root of a dedicated ensemble or a chroot.
> However, there are at least two reasons for not doing it this way. First,
> shared ensembles might not really follow the practice of separating
> applications into branches, essentially creating a chroot for each. Second,
> there are paths we don't want to secure, like the ConsumersPath.
> To fix this, we simply need to set the root ACL separately and start the
> recursion on each of the persistent paths to secure.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
